Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/0fa88e-a5db-48e8-b15b-6561317cf263/1/ByXM_Ln1i6sp51H3UoiAVLtk9H4.roa
File:                     ByXM_Ln1i6sp51H3UoiAVLtk9H4.roa (raw, json)
Hash identifier:          WkKv5GmFkjNS11QcfAX/i3RvuDqUCdANkXDcqukdiOw=
Subject key identifier:   07:25:CC:FC:B9:F5:8B:AB:29:E7:51:F7:52:88:80:54:BB:64:F4:7E
Certificate issuer:       /CN=260909d73a279883e257111e484e7f078b5ec8fd
Certificate serial:       019840CDC986BB13B550F1F0510C3F468F30
Authority key identifier: 26:09:09:D7:3A:27:98:83:E2:57:11:1E:48:4E:7F:07:8B:5E:C8:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgkJ1zonmIPiVxEeSE5_B4teyP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/0fa88e-a5db-48e8-b15b-6561317cf263/1/ByXM_Ln1i6sp51H3UoiAVLtk9H4.roa
Signing time:             Fri 25 Jul 2025 08:58:04 +0000
ROA not before:           Fri 25 Jul 2025 08:58:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206394
IP address blocks:        2001:67c:124::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/0fa88e-a5db-48e8-b15b-6561317cf263/1/JgkJ1zonmIPiVxEeSE5_B4teyP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/0fa88e-a5db-48e8-b15b-6561317cf263/1/JgkJ1zonmIPiVxEeSE5_B4teyP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgkJ1zonmIPiVxEeSE5_B4teyP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:cd:c9:86:bb:13:b5:50:f1:f0:51:0c:3f:46:8f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260909d73a279883e257111e484e7f078b5ec8fd
        Validity
            Not Before: Jul 25 08:58:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0725ccfcb9f58bab29e751f752888054bb64f47e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:75:c6:cc:8d:dd:b3:63:18:ed:c0:88:ba:0e:
                    43:78:ed:01:14:bc:2b:b3:c4:4e:1c:c7:a2:39:34:
                    66:ae:03:d2:87:34:a1:b2:b2:7f:a3:91:d4:4d:1f:
                    1f:7f:bf:64:79:3e:ce:7e:85:16:b3:ea:f9:1a:da:
                    c8:e0:f7:44:1b:46:d3:7f:d8:06:95:cc:b4:4a:5d:
                    e5:72:f8:31:e1:a4:36:e2:5c:a1:27:be:cf:04:79:
                    51:31:78:c0:7c:a9:32:21:0e:05:c1:44:b4:78:a0:
                    7c:48:91:fa:32:77:de:a5:a6:2d:25:43:ee:46:34:
                    10:9e:82:60:f1:a5:c8:1f:b9:1c:e2:75:99:20:7d:
                    ef:02:53:b1:31:37:b3:56:06:c4:76:b9:90:59:87:
                    40:fd:63:ef:b6:2b:25:16:d0:1a:c9:33:54:dc:ff:
                    5e:87:9b:7d:ed:c2:2e:78:20:e4:1b:c3:9d:16:dd:
                    7c:d0:47:dc:6b:b1:d1:5d:9f:ec:83:1b:16:53:15:
                    53:c6:76:ea:ff:c2:af:b5:e6:f3:56:c9:a3:00:61:
                    ed:a5:2c:c1:f6:1a:13:ed:b0:61:f8:de:97:2f:65:
                    12:58:82:27:d3:44:97:90:ec:26:b7:b1:3f:c8:3b:
                    f5:aa:f5:80:70:b5:27:4c:80:f9:59:70:26:c0:3d:
                    0e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:25:CC:FC:B9:F5:8B:AB:29:E7:51:F7:52:88:80:54:BB:64:F4:7E
            X509v3 Authority Key Identifier:
                keyid:26:09:09:D7:3A:27:98:83:E2:57:11:1E:48:4E:7F:07:8B:5E:C8:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgkJ1zonmIPiVxEeSE5_B4teyP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/0fa88e-a5db-48e8-b15b-6561317cf263/1/ByXM_Ln1i6sp51H3UoiAVLtk9H4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/0fa88e-a5db-48e8-b15b-6561317cf263/1/JgkJ1zonmIPiVxEeSE5_B4teyP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:124::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:48:4f:59:44:36:29:8f:44:54:d7:45:72:9b:0f:a0:a2:56:
         b2:a2:1b:64:93:8b:de:ec:d7:46:14:a2:e6:bf:92:c9:5e:b8:
         3f:17:c7:f2:be:39:02:27:dc:d5:3f:3b:17:1d:da:64:cf:2c:
         32:f4:bb:71:b6:79:20:7f:82:52:b2:2c:53:88:3c:d3:fd:66:
         d1:34:d9:7e:89:60:12:22:1e:42:44:56:14:2b:37:7e:94:77:
         06:5b:d2:c3:92:23:da:2c:5e:1c:cd:ac:da:92:d1:fc:5d:0a:
         0a:c9:7c:45:9d:c5:5f:35:46:f7:61:3d:55:fa:a3:27:70:a7:
         e7:1c:c5:f8:e5:1c:55:f1:78:3b:c5:fb:01:66:79:3b:ea:76:
         e2:d3:55:b0:79:cd:a3:c3:77:61:51:2c:02:e4:30:80:6b:d0:
         67:98:24:95:4e:1a:16:08:f8:f5:07:3b:82:71:6e:26:e8:11:
         27:6b:5b:f8:fe:b8:01:af:b8:d1:fc:bd:5d:2a:85:4b:01:14:
         34:57:02:9c:26:ef:65:c3:05:58:79:13:42:54:50:d5:6b:f9:
         4d:0e:32:28:4f:d6:0c:c9:61:1a:f2:22:a7:fa:c3:2f:4b:31:
         60:a0:f7:f1:b3:f8:4a:94:f9:2a:0c:5f:41:a0:c9:e1:d2:23:
         c3:e7:2f:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhAzcmGuxO1UPHwUQw/Ro8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MDkwOWQ3M2EyNzk4ODNlMjU3MTExZTQ4NGU3ZjA3OGI1
ZWM4ZmQwHhcNMjUwNzI1MDg1ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzI1Y2NmY2I5ZjU4YmFiMjllNzUxZjc1Mjg4ODA1NGJiNjRmNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3XGzI3ds2MY7cCIug5DeO0BFLwr
s8ROHMeiOTRmrgPShzShsrJ/o5HUTR8ff79keT7OfoUWs+r5GtrI4PdEG0bTf9gG
lcy0Sl3lcvgx4aQ24lyhJ77PBHlRMXjAfKkyIQ4FwUS0eKB8SJH6MnfepaYtJUPu
RjQQnoJg8aXIH7kc4nWZIH3vAlOxMTezVgbEdrmQWYdA/WPvtislFtAayTNU3P9e
h5t97cIueCDkG8OdFt180Efca7HRXZ/sgxsWUxVTxnbq/8KvtebzVsmjAGHtpSzB
9hoT7bBh+N6XL2USWIIn00SXkOwmt7E/yDv1qvWAcLUnTID5WXAmwD0OnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAclzPy59YurKedR91KIgFS7ZPR+MB8GA1UdIwQY
MBaAFCYJCdc6J5iD4lcRHkhOfweLXsj9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdrSjF6b25tSVBpVnhFZVNFNV9CNHRleVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8wZmE4OGUtYTVkYi00OGU4LWIxNWIt
NjU2MTMxN2NmMjYzLzEvQnlYTV9MbjFpNnNwNTFIM1VvaUFWTHRrOUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8wZmE4OGUtYTVkYi00OGU4LWIxNWItNjU2MTMxN2NmMjYz
LzEvSmdrSjF6b25tSVBpVnhFZVNFNV9CNHRleVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAEk
MA0GCSqGSIb3DQEBCwUAA4IBAQCSSE9ZRDYpj0RU10Vymw+golayohtkk4ve7NdG
FKLmv5LJXrg/F8fyvjkCJ9zVPzsXHdpkzywy9Ltxtnkgf4JSsixTiDzT/WbRNNl+
iWASIh5CRFYUKzd+lHcGW9LDkiPaLF4czazaktH8XQoKyXxFncVfNUb3YT1V+qMn
cKfnHMX45RxV8Xg7xfsBZnk76nbi01Wwec2jw3dhUSwC5DCAa9BnmCSVThoWCPj1
BzuCcW4m6BEna1v4/rgBr7jR/L1dKoVLARQ0VwKcJu9lwwVYeRNCVFDVa/lNDjIo
T9YMyWEa8iKn+sMvSzFgoPfxs/hKlPkqDF9BoMnh0iPD5y/L
-----END CERTIFICATE-----